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(57) The present invention relates to electronic 
monetary systems in general, and in particular to meas- 
ures for making their use easier for an average user. 
The present invention is based on the idea that the use 
of electronic money is greatly simplified for a non-expert 
user, if the Internet Service Provider of the user takes 
care of the payments, and adds corresponding charges 
on the user's telephone bill. Such functionality requires 
the intervention of the ISP in the transmissions between 
a user and a third party, i.e. intercepting the electronic 
payment requests sent by a merchant According to the 
present invention, the ISP uses electronic money on 



behalf of the user, and charges the payments on the 
user's telephone bill. The ISP can take care of all tech- 
nical details necessary for obtaining different forms of 
electronic money in a centralized manner, and all users 
of the ISP can use the electronic money obtained by the 
ISP simply by allowing the ISP to add corresponding 
charges to their telephone bills. Further, the ISP can 
obtain all major forms of electronic money, whereafter a 
user can choose the most economical way of payment, 
if a merchant accepts payments in more than one form 
of electronic money. 



MERCHANT 








ROUTER 




SSP 




IE 








112 




I 

104 



XMODEM 



1 

102 



i 
100 



Fig. 7 



CD 
CO 

CO 
CO 



I '7 / 7 



a. 

LU 



Primed by Xerox (UK) Business Services 
2.16.3/3.4 



1 EP 0 8 

Description 

The present invention relates to electronic mone- 
tary systems in general, and in particular to measures 
for making their use easier for an average user. 

A conventional Internet Service Provider (ISP) sys- 
tem is shown in Figure 1. The basic duty of an ISP is to 
transfer data from one network such as the Internet to 
another network such as the conventional telephone 
network, and vice versa. A user can connect to the 
Internet network 116 using his computer 100 and 
modem 102 via the conventional telephone network 
represented in Figure 1 by the user's local telephone 
exchange 104, and via the ISP system 105. A conven- 
tional ISP system 105 comprises a Call Control Point 
106, which receives the calls and directs them to termi- 
nal servers 1 1 2. The terminal servers 112 basically con- 
vert the data signals from the form used in the 
conventional telephone network to the form used in the 
network 1 16 to which the ISP system 105 is connected 
to, and vice versa. A typical ISP system 105 further 
comprises a router 1 14, which receives the data signals 
from terminal servers 112 and sends them to the net- 
work 116, and conversely, receives data signals from 
the network 116, and based on the destination 
addresses given in the data signals, forwards each sig- 
nal to the correct terminal server 1 1 2. A typical ISP sys- 
tem 105 also comprises a proxy 1 1 8, which functions as 
an intermediary between the users of the ISP and third 
parties in the network 116. A proxy typically caches in 
its mass memory most recent documents, which the 
users of the ISP retrieve from the network. If a user 
transmits a request for a document which had recently 
been accessed from the ISP and is therefore cached in 
the memory of the proxy, the proxy sends the user a 
copy of the document from its memory, in order to 
reduce the load on the network 116 and speed up the 
service perceived by the user. 

The data signals are transferred in the Internet with 
TCP/IP protocol, which is described in detail in the 
standards RFC 791 and RFC 793. World Wide Web 
(WWW) documents can be accessed on WWW servers 
in the Internet with the help of the HTTP protocol, which 
defines among others, a standard format for requesting 
a certain document on a given WWW server. Version 
1 .0 of the HTTP protocol is defined in the standard RFC 
1945. The TCP/IP protocol and the HTTP protocol are 
both well known to the man skilled in the art, and do not 
require further elaboration. 

Figure 2 shows the configuration of a second type 
of telephone network service, namely a voice service 
provider system 210 used for example in automated 
ordering services. Figure 2 shows an example, how an 
Intelligent Network (IN) compliant telephone exchange 
can be used to produce an automated service. The 
voice service system 210 comprises an IN-compliant 
Service Switching Point (SSP) 104, a Service Control 
Point (SCP) 110 which controls the SSP, and a data- 
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base with voice output 212. The dun of the SSP is basi- 
cally to connect the callers to the outputs of the 
database 212. The user can, for example, order tickets 
from such a service by pressing the number keys on his 

5 telephone, while the SCP guides the user with the help 
of the messages in the database 212. Intelligent Net- 
work features and the capabilities of various IN compo- 
nents, such as the CCP, SCP and SSP are described in 
several CCITT recommendations, for example the rec- 
to ommendations Q.1201, Q.1202, Q.1203, Q.1204, 
Q.1205, Q.121 1 , Q.1213, Q.1214, Q.1215, and Q.1218. 

Several versions of electronic money are available 
or under development today. An overview of major ver- 
sions of electronic money is given in the cover story and 

is related articles in the June 1996 issue of the Byte mag- 
azine. In one system, a user can obtain electronic cash 
from a provider of electronic cash, which gives the user 
electronic symbols representing the amount of money 
paid by the user. The user typically stores these sym- 

20 bols in his computer with the help of a electronic wallet 
program, and uses the symbols later for payment of var- 
ious services or merchandise over a telecommunica- 
tions network, such as the Internet. After the 
transaction, the merchant can send the received sym- 

25 bols to the provider of electronic cash and change them 
to real money. Such an electronic monetary system is 
described in detail in, for example, the European patent 
application EP 542 298 and the references contained 
therein. An electronic monetary system based on the 

30 use of credit cards or like means of payment is currently 
being developed by major credit card companies. One 
similar credit card based system is described in the 
standard RFC 1898. 

Common to all current electronic monetary systems 

35 is that they are cumbersome from the user's point of the 
view. The user must first obtain the electronic money 
before being able to pay for services or merchandise 
over a communications network such as the Internet. 
Further, the user typically needs a special electronic 

40 wallet program. In one major credit card based elec- 
tronic monetary system, the user must obtain an elec- 
tronic identification certificate identifying him as the 
rightful owner and user of his credit card. 

These requirements cause a burden on the user, 

45 and requires the average user to know about the details 
of various forms of electronic money and learn how to 
obtain and use such electronic money. The symbols 
representing the electronic money are typically stored 
on the hard disk of the user's computer, and are vulner- 

so able to accidental erasure or malfunction of the hard 
disk. Therefore, the user should take good care of the 
electronic cash, and take backup copies of the symbols 
representing the money. Although electronic monetary 
systems provide for replacement of accidentally lost 

55 electronic money, the replacement procedure is a bur- 
den on the user. Further, since there are more than one 
type of electronic money being developed, the user 
needs to obtain. all major types of electronic money if he 
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desires not to be limited in his buying choices, since it is 
very probable that all merchants will not accept all forms 
of electronic money. 

An object of the invention is to make it easy for a 
user to pay with electronic money. A further object of the s 
invention is to allow a user to pay with electronic money 
without requiring him to obtain any electronic money 
himself. A still further object of the invention is to imple- 
ment a system, with which Internet Service Providers 
and like services can provide an easy way of using elec- 10 
tronic money for their users. 

These aims will be reached by adding an intercept- 
ing means and electronic wallet means to an ISP sys- 
tem, and arranging the system to 

'5 

optionally initiate the payment procedure on the 
request of the user, 
- intercept and redirect to the electronic wallet means 
an incoming payment request addressed to a user, 
add a charge corresponding to the requested 20 
amount to the user's telephone bill, and 
send from the electronic wallet means an electronic 
money payment in response to the payment 
request from a merchant. 

25 

The system according to the invention is character- 
ized by that 

the system comprises an electronic payment inter- 
cepting means, 3° 
which is arranged to redirect at least a part of elec- 
tronic money transaction messages arriving from 
the first telecommunications network and 
addressed to users in the second telecommunica- 
tions network to an electronic wallet means, 35 
which electronic wallet means is arranged to con- 
vert electronic money transaction messages into 
conventional transactions. 



The method according to the invention is character- 
ized by that the method comprises the steps of 



40 



present invention, the ISP uses electronic money on 
behalf of the user, and charges the payments on the 
user's telephone bill. The ISP can take care of all tech- 
nical details necessary for obtaining different forms of 
electronic money in a centralized manner, and all users 
of the ISP can use the electronic money obtained by the 
ISP simply by allowing the ISP to add corresponding 
charges to their telephone bills. Further, the ISP can 
obtain all major forms of electronic money, whereafter a 
user can choose the most economical way of payment, 
if a merchant accepts payments in more than one form 
of electronic money. 

The system according to the present invention 
comprises an interception means, which examines the 
incoming data traffic. When the interception means 
notices that a transmission contains a request for pay- 
ment with electronic money, it redirects the transmission 
to another means comprising the functionality neces- 
sary for the use of electronic money. After this, the sys- 
tem inspects the request, adds a corresponding amount 
to the user's telephone bill and continues with the pay- 
ment according to the received request The system 
according to the invention can further comprise means 
for controlling, and optionally initiating, the payments. 
For example, the user can set up an acceptance policy 
or accept or reject individual payments through a sepa- 
rate connection to a network address administered by 
the system according to the invention. 

Various embodiments of the invention will be 
described in detail below, by way of example only, with 
reference to the accompanying drawings, of which 

Figure 1 shows, how a user can connect to a net- 
work such as the Internet according to the 
prior art, 

Figure 2 shows an example of a voice service pro- 
vider system using an IN-compIiant tele- 
phone exchange, 

Figure 3 shows a basic example of a system 
according to the invention, 



receiving a electronic money transaction request 
from a first telecommunications network addressed 
to a user in a second telecommunications network, 45 
transforming the electronic transaction request to a 
conventional transaction. 

The present invention is based on the idea, that the 
use of electronic money is greatly simplified for a non- so 
expert user, if the ISP takes care of the electronic 
money payments, and adds corresponding charges on 
the user's telephone bill or uses some other suitable 
way of obtaining a payment from the user. Such func- 
tionality requires the intervention of the ISP in the trans- 55 
missions between a user and a third party, i.e. 
intercepting the electronic payment requests sent by a 
merchant. According to a preferable embodiment of the 



Figure 4 shows another example of a system 
according to the invention, 

Figure 5 shows an embodiment of the invention, in 
which the interception means 120 outputs 
the redirected traffic via the same output as 
the rest of the traffic, 

Figure 6 shows an example, where the system 
according to the invention is implemented 
in a system connected to a mobile tele- 
phone network, 

Figure 7 shows an advantageous embodiment of 
the invention, where the interception 
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Figure 8 



means 120 is implemented within a proxy 
118, and 

shows an example of a particular imple- 
mentation of the system according to the 
invention. 



Figures 1 and 2 were described earlier in connec- 
tion with the description of the state of the art. 

Figure 3 shows a basic example of an advanta- 
geous embodiment of the invention. In this example, the 
user is in contact with a merchant 1 30 with his computer 
100 and modem 102 or ISDN adapter 103, through the 
local telephone exchange 104, the system 105 of the 
Internet service provider (ISP), and the network 1 16. In 
the system according to the invention, the ISP system 
105 additionally comprises an intercepting means 120. 
The intercepting means 120 redirects the payment 
requests originating from the network to the control unit 
122 of the ISP system 105. When the user gives a 
request for a service or a merchandise, the merchant's 
130 system responds with a payment request The 
intercepting means 120 redirects the request to the con- 
trol unit 122, which sends conventional accounting sig- 
nals corresponding to the payment via the SSP 106 to 
the user's local telephone exchange 104, where the cor- 
responding sum is added to the user's telephone bill. 
After sending the accounting signals, the control unit 
1 22 sends the electronic money to the merchant 1 30 via 
the network 116. After receiving the electronic money, 
the merchant 130 continues with producing the 
requested service or merchandise. 

The control unit may send the electronic money and 
other messages to the merchant via the intercepting 
means 120 as in the embodiment of Figure 3, or past 
the intercepting means, for example via a router 
included in the ISP system. 

The control unit may effect the debiting of the user's 
telephone account at any convenient stage in the pay- 
ment procedure, not only in the beginning of the proce- 
dure. Naturally, it may be desirable for the ISP to effect 
the debiting at the latest before a point in the payment 
procedure after which the payment cannot be can- 
ceiled, if the debiting for some reason is not succesful. 

In one advantageous embodiment of the invention, 
the control unit 1 22 comprises in addition to the func- 
tionality needed for the use of electronic money, also the 
functionality of a conventional IN-compliant Service 
Control Point. 

In the embodiment of Figure 3, the electronic wallet 
means, i.e. the electronic money transaction means, is 
located in the control unit 122 or a similar functional 
entity. The wallet and its contents are taken care of by 
the ISP, which obtains more electronic money from a 
electronic money provider when necessary. The ISP 
can obtain all major forms of electronic money from 
major electronic money providers, whereafter the user 
does not need to take notice of which merchants require 



which kind of electronic money 

One important aspect of electronic money is the 
possibility tor the user to accept or reject any given pay- 
ment request. In the system according to invention, this 

5 can be implemented in several ways. One advanta- 
geous embodiment is shown in Fig. 4. The control unit 
122 is connected to the router 114, and the user can 
form a connection to a payment control means 122a in 
the control unit 122. This payment control means 122a 

10 can be. for example, in the form of a World Wide Web 
(WWW) document at a certain network address, which 
is administered by the control unit 122. The router 114 
directs all communication from the user to this network 
address directly to the control unit. The user can open a 

is connection to the network address of said payment con- 
trol means in the same conventional way as to any other 
address in the network 116. The control unit 122 can 
recognize the user connecting to it via the network 116 
based on the user's network address, since the control 

20 unit 1 22 knows the network addresses allocated for the 
users of the ISP system 1 05. Once the user has opened 
a connection to the said network address of the control 
unit 122, the control unit 122 can inform the user via the 
opened connection of an eventual incoming payment 

25 request and ask for confirmation. 

The payment control means and other control 
means described later in this application could be 
directly connected to the network 116. In that case, 
communication from the user to the control means 

30 would pass through at least a part of the network 116. 
However, such a configuration would be more vulnera- 
ble to outside attacks, since the. important information 
determining the acceptance of payments would briefly 
flow outside the ISP system. The configuration shown in 

35 Figure 4 is more secure, since the communication 
between the user and the control means only takes 
place within the conventional telephone network and 
within the ISP system. 

As in the case of conventional electronic money, the 

40 user can adopt a default policy towards payment 
requests and instruct the ISP to treat incoming payment 
requests accordingly. The policy can include, for exam- 
ple, the options of 

45 - allowing payments under a certain limit, 

allowing all payments until a certain cumulative 
amount has been reached in a given time period, 
allowing all payments to a given merchant or a 
number of merchants, 

so - forbidding all payments to a given merchant or a 
number of merchants, 
any combinations of the previous, or 
forbidding all payments. 

55 The user can set up the policy with the ISP in many 
ways, for example, by making a separate agreement 
with the ISP. The ISP can as well set up a default policy, 
which the users agree on when starting to use the serv- 
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ices of the ISP. In one advantageous embodiment of the 
invention, the control unit 122 comprises policy control 
means 122b, and the user can control and adjust the 
payment acceptancy policy by connecting to the control 
unit 122 through the network as described above, and 5 
instructing the control unit 122 with the help of the said 
policy control means 122b. The control unit 122 can find 
out which user's policy information to change by recog- 
nizing the user in the way described previously. 

A further aspect of electronic money, namely the 10 
voluntary sending of an amount of electronic money, 
can be implemented in a similar way. In one advanta- 
geous embodiment of the invention, the control unit 122 
comprises payment sending means 122c, which the 
user can connect to at a certain network address as 15 
described previously. After connecting to the said pay- 
ment sending means 122c, the user can instruct the 
payment sending means 122c to send an electronic 
payment to a desired network address. After receiving 
the instruction to send a payment, the payment sending 20 
means preferably first sends accounting signals to the 
user's exchange 1 04 to add the amount to be.sent to the 
user's telephone bill, after which the payment sending 
means 122c sends the instructed amount of electronic 
money to the desired address, indicating the user as the 25 
sender of the money. It is also possible that a user 
wishes to send an anonymous donation. Therefore, the 
payment sending means 122c preferably also com- 
prises a control means allowing the user to instruct the 
payment sending means 122c not to designate him nor 30 
any other person as the sender of the payment. The 
user may also use any of the known methods of hiding 
the identity of the sender of a message, for example by 
sending the payment via a special anonymous server. 

In some electronic money systems the user may 35 
need to initiate a payment procedure himself. In the sys- 
tem according to the invention the user can initiate the 
payment for example with the payment sending means 
122c or other similar control means. 

In one advantageous embodiment of the invention, 40 
the payment control means 122a, policy control means 
122b, payment sending means 122c, and any other 
control means described in this application are com- 
bined into one general control means, in order to allow 
the user to control all aspects of the electronic money 45 
with a single connection. Also any combinations of the 
control unit 1 22 and any control means described in this 
application are possible to implement. 

In a further advantageous embodiment of the 
invention, the system according to the invention pro- so 
vides for a further aspect of electronic monetary sys- 
tems, namely receiving payments. In this embodiment, 
the system according to the invention receives and 
processes the payment in the way specified by the elec- 
tronic monetary system in question. After receiving the 55 
payment, the system transfers a corresponding amount 
of credit to the user. The transferring may proceed, for 
example, in one of the following ways: 



if the base network through which the user is con- 
nected to the ISP allows crediting the user's 
account, the system can credit that account; 
the ISP can keep internal accounts for the users, in 
which case the payment is added to the account; or 
the ISP can initiate an automatic bank transfer to 
the bank account of the user, if the user has 
informed the ISP of his bank and his bank account. 

Alternatively, the system according to the invention can 
employ any of the prior art methods of crediting an 
account, used for example in conjunction with various 
service lines charging an extra fee above the normal call 
fee. Preferably, the system according to the invention 
can be instructed by a user to collect payments into an 
internal account until a specified minimum amount has 
been reached, before transferring the accumulated 
credit to the user. 

The control unit 122 can include details about each 
payment in the accounting information sent to the user's 
telephone exchange 104 to allow detailed itemization of 
paid goods and services on the user's telephone bill, if 
the base network containing the telephone exchange 
104 supports detailed itemization of the telephone bill. 
This kind of reporting may also be accomplished 
through sending a separate information letter or e-mail 
to the user or using any other known means of informing 
a user. 

The requested payments might not be exact multi- 
ples of the charging unit of the telephone network, 
through which the user is connected to the ISP system 
105. The requested payments may even be substan- 
tially smaller than conventional charging units, since 
many electronic monetary systems provide for very 
small payments called micropayments. The system 
according to the invention may comprise means for 
keeping accounts for sums below one charging unit, 
and wait until the total of payments exceeds one charg- 
ing unit before sending accounting signals to the user's 
local exchange for adding one charging unit to the 
user's telephone bill. The invention does not limit the 
charging practices of the ISP system in any way. The 
ISP can for example add a surcharge for every elec- 
tronic payment made using the system according to the 
invention. 

In one advantageous embodiment of the invention, 
the ISP sends the user a separate invoice, instead of 
charging his telephone account. The ISP may collect a 
number of payments into an internal account, until a first 
predetermined sum has been reached, after which the 
ISP sends an invoice. If a payment is larger than a sec- 
ond predetermined sum, the ISP can send ah invoice 
covering that particular payment. The ISP may as well 
require the user to deposit an amount before allowing 
the user to use the electronic money of the ISP, i.e. 
require payment before use. Naturally, any conventional 
invoicing methods may be used. 

The system according to invention can use any 
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electronic monetary system, even credit card based 
monetary systems. The system can pay the merchant 
with the credit cards issued to the ISP, after adding the 
corresponding sum to the user's telephone bill. The ISP 
can obtain all necessary electronic identification certrfi- s 
cates and programs necessary for using a given type of 
credit card based electronic money, thus alleviating the 
burden from the users of the ISP. 

The basic functions performed by the intercepting 
means 120 include, but are not limited to, the following: 10 

the intercepting means 120 inspects every incom- 
ing data packet, 
- if the data packet does not contain electronic 
money traffic, the data packet is forwarded in the is 
normal way to the user, 

if the data packet does contain electronic money 
traffic, the intercepting means 120 directs it to the 
electronic money transaction means. 

20 

The method of detecting electronic money traffic 
from other traffic may vary depending on the actual pro- 
tocol used to transfer money. In the current electronic 
monetary systems the two main approaches for the 
transmission of electronic money information are the fol- 25 
lowing: 

1) the electronic money traffic is directed to a cer- 
tain port according to the TCP/IP-protocol, 

2) the electronic money information is contained 30 
within special fields of the HTTP protocol. 

Preferably, the system according to the invention is 
arranged to handle both types of electronic money infor- 
mation. For clarity, the cases 1) and 2) are discussed 35 
separately in the following paragraphs. 

In the case that the electronic money traffic is 
directed to a certain TCP port, the basic junction of the 
intercepting means 120 of redirecting electronic money 
traffic to the control unit 122 can be implemented in sev- ao 
eral ways, which include at least the following: 

1a) The intercepting means 120 can redirect the 
electronic money containing packets to a different 
output than the rest of the traffic, as shown in Fig. 4. 45 
1b) The intercepting means 120 can treat a packet 
containing electronic money as a piece of data and 
pack it into one or more IP packets addressed to the 
control unit 122 and forward the new packets to the 
same output as the rest of the traffic, after which the so 
router 1 14 of the ISP system 105 switches the new 
packets to the control unit 122. 
1c) The intercepting means 120 can rewrite the 
packet replacing the user's address with the 
address of the control unit 122 in the destination ss 
address field of the packet, and encoding the user's 
address in other fields of the packet or by adding a 
source routing option to allow the control unit 1 22 to 



recognize which user the packet was originally 
addressed to. After rewriting, the intercepting 
means 120 forwards the the rewritten packet to the 
same output as the rest of the traffic, whereafter the 
router 1 14 of the ISP system 105 switches the new 
packets to the control unit 122. 

The configuration of the embodiment shown in Fig- 
ure 5 is suitable for use with the said ways of implemen- 
tation 1b) and 1c). In this embodiment, the intercepting 
means 120 effects the redirection of the packets by 
readdressing them to the control unit 122. The router 
1 14 subsequently forwards all packets to their stated 
destination addresses; whereafter the redirected pack- 
ets reach the control unit 1 22. 

The exact TCP port dedicated for electronic money 
traffic may vary depending on the electronic money pro- 
vider. In this case, the intercepting means 120 can 
check, if the TCP port number in the destination port 
field of the packet corresponds to any of the port num- 
bers in a predetermined set of port numbers. 

In one advantageous embodiment of the invention, 
the intercepting means 120 redirects the electronic 
money traffic addressed to only some users, and 
passes through the electronic money traffic addressed 
to other users without redirection. In this embodiment if 
the data packet contains electronic money traffic, the 
intercepting means 120 determines the destination of 
the packet. If the packet destination is not one of the 
users in a certain category, the packet is passed nor- 
mally to the end user. In this embodiment, the users of 
the ISP can take care of the electronic money them- 
selves in the manner known in the art, if they do not 
wish to pay for any services or merchanise on the tele- 
phone bill. Such an option would be useful, for instance, 
for the employees of a small company, who are using 
the company's account at the ISP to access the net- 
work, and who wish to pay themselves for the services 
or merchandise. The intercepting means can also redi- 
rect payment requests of certain kinds of electronic 
money only, and pass payment requests of other kinds 
of electronic money without redirection. These features 
can be preferably controlled by a control means similar 
to previously described control means 122a, 122b, and 
122c. 

The case 2) above, i.e. when the electronic money 
information is contained within additional fields of a 
HTTP request according to the HTTP protocol, is 
slightly more complicated. A HTTP request may be sent 
over a network in one or more transmission units such 
as TCP packets, depending on the size of the request 
and the size of a single transmission unit of the network. 
Therefore, the HTTP request may need to be recon- 
structed from the sent transmission units, before the 
intercepting means 120 can inspect, whether the 
request contains electronic money information or not 

The HTTP protocol allows for transmission various 
data fields before payload data in a single transmission 
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such as a HTTP request. The HTTP protocol itself 
defines and uses some fields, and electronic monetary 
systems may define other fields. 

The electronic monetary systems may use at least 
the following formats in a single HTTP transmission: 5 

2a) the transmission only contains the electronic 

money information in one or more fields, 

2b) the transmission contains the electronic money 

information in one or more fields and as the payload 10 

data of the transmission, or 

2b) the transmission contains the electronic money 

information in one or more fields, and a document. 

In the cases 2a) and 2b) above, the transmission is 
only contains electronic money information in various 
forms. In these cases, the intercepting means 120 redi- 
rects the transmission to the control unit 122, which can 
subsequently act as required by the electronic payment 
protocol in question and as described above in connec- 20 
tion with the description of Figure 3. 

The case 2c) above is more complicated. As above, 
the intercepting means 120 redirects the transmission 
to the control unit 122. In this case the control unit 122 
must decide, whether the user needs to receive the doc- 25 
ument contained as the payload data of the transmis- 
sion. If the control unit 122 is able to determine that the 
user does not need to receive the document, the system 
can act as described above at points 2a) and 2b). This 
determination is possible, if the electronic payment pro- 30 
toco! in question has standardized the content of such a 
document and the control unit 122 can verify that the 
document does not contain any new information for the 
user. For example, it may be a HTML document of a pre- 
determined structure, containing a question about 35 
acceptance of the purchase and the definitions of a 
"Yes" and a "Cancel" button for the user to approve or to 
cancel the purchase. If the purchase is within the limits 
indicated by the user for automatic acceptance, the con- 
trol unit 122 does not need to present the question to 40 
the user. 

If the control unit 1 22 is unable to determine that the 
user does not need to receive the document, it must 
pass the HTTP request containing the document to the 
user. The control unit can accomplish this for example 45 
by sending the HTTP request back to the intercepting 
means 120, instructing the intercepting means 120 to 
send the HTTP request to the user. Alternatively, the 
system may comprise another means for adding such 
requests sent by the control unit to the data communica- so 
tion traffic directed to the user. In order not to invoke a 
payment procedure at the user's computer, the control 
unit 122 preferably removes the fields containing elec- 
tronic money information from the HTTP request for- 
warded to the user or replaces them or their contents ss 
with an indication to the effect that the payment is 
already being taken care of. 

In a further advantageous embodiment of the 



invention, the system according to the invention can 
prompt the user for the acceptance or denial of a pay- 
ment by sending the user an electronic document, such 
as a HTML document, containing for example a ques- 
tion about acceptance of the purchase and the defini- 
tions of a "Yes" and a "Cancel" button for the user to 
approve or to cancel the purchase. Specifically, in the 
case 2c) described above, the control unit can replace 
the document sent by the merchant with a similar docu- 
ment specific of the ISP system before forwarding the 
HTTP request to the user. Of course, as described 
above, the control unit needs to determine first, if it is 
allowed to replace the original document 

The HTTP 1.0 protocol is defined in the standard 
RFC 1945 and is well known by the man skilled in the 
art Therefore, the protocol is not described in this appli- 
cation. The exact fields and field names utilized by vari- 
ous electronic monetary systems may vary according to 
monetary system and electronic money provider in 
question, wherefore the exact fields and field names are 
not defined in this application. The system according to 
the invention can be arranged to act upon any given 
protocol for transmission of electronic payments. 

In a further advantageous embodiment of the 
invention, the intercepting means 120 redirects all 
HTTP traffic on the basis of the TCP port number 
reserved for the HTTP protocol. The system according 
to the invention can employ a two-level intercepting 
means scheme, in which the redirected HTTP traffic is 
interpreted and inspected by a second-level intercept- 
ing means, which directs HTTP transmissions contain- 
ing electronic money information to the control unit 122, 
and forwards the rest of the HTTP traffic to the user. 
Alternatively, the first intercepting means 120 can redi- 
rect all HTTP traffic directly to the control unit 122, 
which then interprets and inspects all HTTP transmis- 
sions. As previously, if any given HTTP transmission 
does not contain electronic money information, the 
transmission is forwarded to the user. If a HTTP trans- 
mission contains electronic money information, the 
transmission can be handled as described previously. 

In a further advantageous embodiment shown in 
Figure 7, the intercepting means 120 and preferably 
also the functionality of the control unit 1 22 pertaining to 
electronic money are implemented in the proxy 118 of 
the ISP system. For example, the electronic wallet 
means 124 of the ISP system could be implemented in 
the proxy 118 instead of the control unit 122, as 
described previously. Also, the control means 122a, 
122b and 122c and other control means pertaining to 
use of electronic money can be controlled by the proxy 
1 18, in the embodiment of Figure 7. In this embodiment, 
the remaining functionality of the control unit 1 22 is very 
close to that of a conventional Service Control Point 110 
of an IN-compliant telephone exchange. The proxy 118 
can handle all details of the electronic money transac- 
tions, and the control unit 122 in addition to the conven- 
tional functions of a Service Control Point, only needs to 
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be able to receive accounting information from the proxy 
118 and return a confirmation of a succesful addition of 
a sum on the user's telephone bill. 

In conventional ISP systems, the use of the sys- 
tem's proxy is not mandatory for a user, and he can con- 
figure the programs in his computer not to use the proxy. 
In the embodiment of Figure 7, the user can control the 
usage of electronic money also by choosing whether to 
use the proxy 118 or not. Further, a large ISP may have 
more than one proxy to handle the traffic; in that case, 
the user may choose which proxy to use: one with elec- 
tronic money functionality, or a conventional one without 
functionality supporting the use of electronic money. In 
the embodiment of Figure 7, if the user does not use a 
proxy or uses a conventional proxy, the ISP does not 
treat the electronic money traffic for that user in any spe- 
cial way, whereafter the user may use his own electronic 
money if he so wishes. 

The intercepting means 120 can also be imple- 
mented, for example, in a firewall device. A firewall 
device is typically a computer running screening soft- 
ware, installed between a system and a network to pro- 
tect the system from unwanted intruders from the 
network. One typical way of operation for a firewall 
device is to readdress all traffic originating from users of 
the system and all incoming traffic addressed to users in 
the system, in order not to reveal the true network 
addresses of the users. That is, in outgoing traffic the 
firewall replaces the user's address with a bogus 
address and stores the user's address and the bogus 
address in its memory. Conversely, the firewall device 
replaces the bogus address given as the destination 
address in an incoming message with the real address 
of the user. The firewall usually blocks all incoming traf- 
fic addressed to any other addresses. Such a read- 
dressing means provides an advantageous starting 
point for implementation of an intercepting means, 
which effects the separation of electronic money traffic 
from the rest of the traffic by readdressing the electronic 
money traffic as described previously. 

The inclusion of the electronic money functions in 
the control unit 122 in some of the previously described 
embodiments of the invention was presented as an 
example only. The separation of the electronic money 
functions from the control unit 122 to a separate means 
such as a proxy 118 as in the previous example, or a 
separate electronic money unit can be incorporated in 
any of the embodiments described in this application. 

In a further advantageous embodiment, the system 
according to the invention can convert one form of elec- 
tronic money to other forms of electronic money. For 
example, the user may have only one type of electronic 
money, in which case it is desirable that the ISP system 
would convert requests for payment into requests of that 
type of electronic money, with which the user can pay. In 
such an embodiment the system according to the 
invention sends the user a conventional payment 
request, instead of sending accounting information to 
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the conventional telephone network to charge his tele- 
phone bill. After receiving the payment from the user, 
the ISP system can respond to the original payment 
request in whatever type of electronic money requested. 

5 The system according to the invention can further 
be used to make it easier to obtain electronic money. If 
a user wishes to obtain electronic money to be able to 
make electronic payments independently of the ISP, he 
can contact a bank which has made a special agree- 

10 ment with the ISP allowing the ISP's users to download 
electronic money into their own computers from the 
bark and to pay for the downloaded money along with 
their telephone bill. Alternatively, since a bank can act 
as a conventional merchant as well, the user can con- 

15 tact a bank which sells electronic money, i.e. changes 
one type of electronic money to other types of electronic 
money for a commission. This way, a user can obtain 
electronic money into his computer, which he can then 
use in other systems without the help of the ISP. For 

20 example, the user can download the electronic money 
from his computer into a smart card, and pay with the 
smart card for purchases in conventional shops, for tick- 
ets on the city transport etc. 

In the previous embodiments, the network 116 can 

25 be, but is not limited to, the Internet. The network 116 
may be any other network, for example a closed net- 
work of a certain business sector, closed in the sense 
that it is only accessible to companies, not individual 
persons. 

30 In the previous embodiments, the user was con- 
nected to the ISP system 105 via a conventional 
PSTN/ISDN telephone network. However, the system 
according to the invention can be used in conjunction 
with other types of telecommunications networks as 

35 well. In one advantageous embodiment of the invention, 
the user is connected to the ISP system 105 via a 
mobile telecommunications network 200, as shown in 
Figure 6. For example, the user can contact the ISP sys- 
tem 105 with his laptop computer 100 and mobile tele- 

40 phone 202, via the base station 204 of the mobile 
telecommunications network 200. The mobile telecom- 
munications network 200 can be for example a GSM 
(Global System for Mobile communications) or a 
DAMPS (Digital Advanced Mobile Phone Service) net- 

45 work. Alternatively, the user can use a PDA device 206 
(Personal Digital Assistant) comprising mobile terminal 
functions, or a similar device to connect to the ISP via 
the mobile network 200. The embodiment shown in Fig- 
ure 6 is very advantageous for those mobile telephone 

so service providers which also sell ISP services. Other 
possible telecommunication networks are cable televi- 
sion networks, where several suggestions have been 
made which would convert the cable TV network from a 
one-way broadcasting network into a two-way telecom- 

55 munications network. 

The previous embodiments describe several func- 
tional entities, such as the intercepting means 120, the 
control unit 122, and the electronic wallet means 124. 
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These functional entities can be implemented in many 
different ways in one or more physical pieces of equip- 
ment, and the invention does not limit the form of imple- 
mentation of these entities. For example, the 
intercepting means 120 can be implemented in the 
router 114, or a plurality of intercepting means 120 can 
be implemented in the terminal servers 112. The inter- 
cepting means 120 and the control unit 122 can even be 
implemented in the same physical device. Further, if 
desired, the control unit 122 can be implemented with 
several sub-units in one or more physically separate 
devices. For example, the functionality of the control unit 
122 can be implemented as computer programs func- 
tioning in one or more computers. 

In the following paragraphs, a description of one 
exemplary embodiment of the invention is presented 
with reference to Figure 8. 

In this embodiment, the intercepting means 120 is 
implemented in a fast microcomputer running the Net- 
BSD operating system. The microcomputer is equipped 
with local area network (LAN) interfaces for connection 
to the Internet, to the terminal servers 1 12 and to the 
control unit 112. The TCP level intercepting means is 
implemented by changing the operating system kernel 
routines handling IP packets. Namely, the ip_input() 
operating system function is modified to inspect all 
incoming TCP/IP packets. Those packets that include 
electronic money information, i.e. designate a port 
number reserved for an electronic monetary system, 
are redirected to the control unit 122 via the LAN inter- 
face. Packets containing HTTP traffic are directed to 
HTTP screening software 120' running in the same 
microcomputer. 

The HTTP screening and intercepting software 
120', which was in the description of one of the previous 
embodiments referenced to as a second-level intercept- 
ing means, receives all packets containing HTTP t raffic 
from the modified operating system Kernel. The HTTP 
screening and intercepting software 120* inspects the 
packets to determine, whether the packets contain elec- 
tronic money information. If this cannot be determined 
from a single packet in the case of a HTTP transmission 
consisting of more than one packet, the HTTP screen- 
ing and intercepting software 120* can collect several 
packets before making the determination. If a HTTP 
transmission does not contain electronic money infor- 
mation, the transmission is forwarded to the terminal 
server 112. HTTP transmissions containing electronic 
money information are forwarded to the control unit 1 22. 

The microcomputer is also equipped with router 
software to route the non-redirected traffic to the termi- 
nal servers and traffic originating from the user to the 
Internet and to the control means implemented by the 
transaction authorization means 122e. 

In the embodiment of Figure 8, the control unit 122 
comprises a Unix server, such as a HP 700 series work- 
station. The workstation runs the electronic wallet soft- 
ware 124. transaction authorization software 122e, SCP 



software 122h, user authentication software 122f and 
call database software 122g. 

The electronic wallet software 124 comprises func- 
tions enabling the software to act as a client, i.e. buyer, 

5 in electronic money transactions The wallet software 
preferably comprises specialized functions for handling 
different forms of electronic money, such as the E-cash 
and the credit card based SET protocol. The electronic 
wallet software handles the electronic money transac- 

10 tion messages received from the intercepting means 
120, 120' and queries the transaction authorization soft- 
ware for acceptance or denial of a transaction. After 
receiving an authorization, the electronic wallet soft- 
ware obtains the telephone call identifier from the call 

is database software on the basis of the user's IP address 
specified in the transaction message. After receiving the 
call identifier, the electronic money software instructs 
the SCP software to debit an amount of money on the 
user's telephone account The amount to be debited is 

20 based on the electronic money transaction request, 
possibly including service commissions of the ISP, sales 
taxes and other fees. If the exact amount cannot be 
charged due to fixed size of charging units within the tel- 
ephone network, the excess charge can be stored in the 

25 call database as temporary user credit, or be refunded 
by adjusting the basic charging interval within the tele- 
phone network. When the electronic wallet software 
receives from the SCP software an indication that the 
amount requested has been charged, it continues the 

30 electronic money transaction. The el ectronic wallet soft- 
ware includes the user's IP address information in such 
a way in the transmission sent as a reply to the mer- 
chant, that the user is identified as the sender of the 
transmission. 

35 The electronic wallet software 1 24 preferably holds 
a sufficiently large sum of electronic money, and all nec- 
essary certificates and credit and debit card numbers 
necessary for using credit card based electronic mone- 
tary systems. 

40 Transaction authorization software 122e deter- 
mines, whether a given transaction is authorized or not. 
The transaction authorization software comprises the 
functions necessary for implementing the authorization 
policy options described previously in connection with 

45 description of Figure 3. 

Preferably, the authorization software 122e also 
implements the payment control means 122a and policy 
control means 122b described previously. For that pur- 
pose, the authorization software administers one or 

so more WWW documents, in the form of HTML forms 
using CGI scripts. The users can access these docu- 
ments at a special network address, where the users 
can connect to in the same way as they would to any 
network address. The combined intercepting means 

55 and router 120 routes HTTP requests addressed to that 
address and originated by the users of the ISP to the 
authorization software. If a user has opened a connec- 
tion to the special network address and obtained the 
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payment control form, the authorization software can 
inform the user of a new payment request by sending 
the user an update of the form. The authorization soft- 
ware can recognize and certify that the intended user 
confirms the right payment request or that a user 
changes his own payment policy options, by checking 
the sender's IP address in the HTTP transmission sent 
by the user. 

The SCP software 122h comprises the functions 
needed for an IN-compliant Service Control Point. One 
example of such software is the OSN SCP software of 
Systems Software Partners Ltd., Lappeenranta, Fin- 
land. For the embodiment of Figure 8, software provid- 
ing a standard SCP functionality needs to be 
augmented with functions implementing the ability to 
communicate with the electronic wallet software 124. 

Whenever a new connection is opened through the 
SSP 106, the SCP software 122h stores information 
about the call to the call database 122g. This informa- 
tion can comprise a call identifier for future accounting 
functions and a line identification, that allows the user 
authentication software 122f to assign an IP number for 
that particular call. When a connection is closed, the 
SCP software 122h removes the information about the 
call from the call database 122g. 

The accounting function of the SCP software 122h 
is initiated by the electronic wallet software 124. When 
the SCP software 122h receives an accounting request 
from the electronic wallet software 124 indicating the 
amount of money to be charged and the call identifier, 
the SCP software 1 22h converts the amount into charg- 
ing units of the telephone network, and instructs the 
SSP 106 to perform the actual charging. After the SSP 
indicates that the charging is completed, the SCP sends 
an accounting reply to the electronic wallet software 
124, indicating that the accounting function has been 
performed. 

The user authentication software 122f assigns an 
IP number for each incoming call, and stores this 
number along with line information into the call data- 
base. Whenever the terminal server 112 receives a new 
incoming call, it sends an authentication request to the 
user authentication software 1121 This authentication 
request includes a line identifier, allowing the user 
authentication software 112f to assign an unique IP 
number to that line. The IP number is sent to the termi- 
nal server as a reply to the authentication request The 
user authentication software 1 12f may also authenticate 
the users, i.e. confirm whether a new call is made by a 
registered user of the ISP or not. 

In this embodiment, the call database software 
122g maintains a database of at least the following 
information: 

telephone account identifier or a call identifier 
required to perform telephone network billing, 
line identifier that identifies the terminal server used 
by the call as well as the logical line number within 



the terminal server, and 

the IP address assigned for the call. 

Several suitable database software packages are avail- 

5 able to and known by the man skilled in the art 

The terminal servers of the embodiment in Figure 8 
can be, for example, Ascend MAX TNT terminal servers 
from Ascend Communications Inc., US. These terminal 
servers can handle a large number of simultaneous 

10 calls and can support both conventional and ISDN tele- 
phone lines. Whenever a new phone call arrives from 
the SSP 106, the terminal server 112 queries the user 
authentication software 122f, which returns an IP 
number to be assigned for the call. The terminal server 

is also gives the IP number to the user's computer through 
PPP protocol negotiations, after which the terminal 
server 112 starts to pass the user's TCP/IP traffic, until 
the call is terminated. 

The SSP 106 in the embodiment of Figure 8 can be 

20 a conventional IN-compliant Service Switching Point 

The networks specified in this application, such as 
the Internet and the conventional telephone network, 
are specified as examples only and do not limit the 
invention in any way. The invention can be used in any 

25 environment comprising a base network with an 
accounting function, and services or some forms of 
merchandise payable with electronic money. 

In the previous embodiments, the ISP was given as 
an example of a suitable provider of the service enabled 

30 by the present invention. However, the invention is not 
limited to use by Internet Service Providers. For exam- 
ple, a company having an own telephone exchange may 
provide the system according to the invention for the 
benefit of its employees or its various units, without the 

35 company being an ISP per se. 

Using the present invention, a user does not need 
to make separate agreements with electronic money 
providers, nor does the user need to obtain the elec- 
tronic money before its use. The present invention alle- 

40 viates the burden on the user by removing the need to 
learn how to obtain and use electronic money. A user 
does not need to obtain any special electronic money 
software in order to use electronic money. The user 
does not need any extra programs to use the invention, 

45 other than those needed to use the Internet or similar 
networks in the first place. The invention also removes 
the computational load placed on the user's computer 
by conventional electronic monetary system, since in 
the system according to the invention, computationally 

so intensive operations of crypting electronic money infor- 
mation are performed in the computers of the ISP. The 
removal of the computational load Is especially benefi- 
cial for the users of small PDA-type communication 
devices, whose computational capacity is often rather 

55 limited. 

The present invention can be used with essentially 
all electronic monetary systems. An ISP can obtain all 
major forms of electronic money, whereafter the users 
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of the ISP have several different forms of electronic 
money at their easy disposal, resulting in a greater free- 
dom of choice in their merchant selections and pur- 
chase decisions. Also, users can then choose the most 
cost effective way of payment, since different fees 
charged by electronic money providers may vary 
according to the form of electronic money and the par- 
ticular electronic money provider. 

In this application, the term conventional transac- 
tion means any conventional way of effecting a mone- 
tary transaction, for example such as adding debit or 
credit on a user's telephone account, sencfing a sepa- 
rate invoice, transferring funds by bank transfer, or 
changing the balance on the user's internal account at 
the ISP for later invoicing or crediting. 

Claims 

1 . An electronic payment transaction system in a node 
joining a first telecommunications network and a 
second telecommunications network character- 
ized in that the system comprises an electronic 
payment intercepting means (120), which is 
arranged to redirect at least a part of electronic 
money transaction messages arriving from the first 
telecommunications network and addressed to 
users in the second telecommunications network to 
an electronic wallet means (124), which electronic 
wallet means (124) is arranged to convert elec- 
tronic money transaction messages into conven- 
tional transactions. 

2. A system according to Claim 1, characterized in 
that the system is arranged to send accounting sig- 
nals to the second telecommunications network to 
change the balance of the user's account with a 
sum corresponding to a received electronic money 
payment request addressed to the user. 

3. A system according to Claim 1 or 2, characterized 
in that said electronic wallet means (124) is 
arranged to send an electronic money payment into 
the first telecommunications network in response to 
a payment request. 

4. A system according to Claim 1. 2, or 3, character- 
ized in that said electronic wallet means (124) is 
arranged to collect more than one transaction of a 
user on an account internal to the system, before 
effecting a transaction between the system and the 
user. 

5. A system according to Claim 1, characterized in 
that the first telecommunications network is a 
TCP/IP network. 

6. A system according to Claim 5, characterized in 
that the first telecommunications network is the 



Internet network. 

7. A system according to Claim 1 , characterized in 
that the second telecommunications network is a 

5 conventional PSTN telephone network. 

8. A system according to Claim 1. characterized in 
that the second telecommunications network is 
arranged to support ISDN connections. 

10 

9. A system according to Claim 1 , characterized in 
that the second telecommunications network is a 
cellular mobile telecommunications network. 

is 10. A system according to Claim 1, characterized in 
that the system further comprises transaction con- 
trol means in order to allow a user to confirm or 
decline transaction requests. 

20 11. A system according to Claim 1, characterized in 
that the system further comprises means for allow- 
ing a user to initiate an electronic payment transac- 
tion. 

25 12. A method for performing electronic money transac- 
tions, characterized in that the method comprises 
the steps of 

receiving a electronic money transaction 
30 request from a first telecommunications net- 

work addressed to a user in a second telecom- 
munications network, 

transforming the electronic transaction request 
to a conventional transaction. 

35 

13. A method according to Claim 12, characterized in 
that the method additionally comprises the step of 
sending accounting signals to the second telecom- 
munications network to change the balance of the 

40 account of the user with a sum corresponding to the 
requested transaction, as a response to the 
request. 

14. A method according to Claim 12, characterized in 
45 that the method additionally comprises the step of 

sending an electronic payment into the first tele- 
communications network in response to a payment 
request. 

so 15. A method according to Claim 12, characterized in 
that the method additionally comprises the step of 
checking, whether the user has authorized the 
transaction, and if the user has not authorized the 
transaction, sending a signal denying the transac- 

55 tion in response to the transaction request 
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